CCI-003081

Design the security architecture for the system using a defense-in-depth approach that allocates organization-defined controls to organization-defined locations.

Implementation Guidance

Determine if: - the security architecture for the system is designed using a defense-in-depth approach that allocates [PL-08(01)_ODP[01]; controls to be allocated are defined] to [PL-08(01)_ODP[02]; locations and architectural layers are defined]. - the privacy architecture for the system is designed using a defense-in-depth approach that allocates [PL-08(01)_ODP[01]; controls to be allocated are defined] to [PL-08(01)_ODP[02]; locations and architectural layers are defined].

Validation Procedures

Examine: [SELECT FROM: Security and privacy planning policy; procedures addressing information security and privacy architecture development; enterprise architecture documentation; information security and privacy architecture documentation; system security plan; privacy plan; security and privacy CONOPS for the system; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with security and privacy planning and plan implementation responsibilities; organizational personnel with information security and privacy architecture development responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for designing the information security and privacy architecture; mechanisms supporting and/or implementing the design of the information security and privacy architecture].

The controls below (if any) were marked by NIST as being related to CCI-003081.